AI-secure/AgentPoison

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/AI-secure/AgentPoison)

AI-secure / AgentPoison

[NeurIPS 2024] Official implementation for "AgentPoison: Red-teaming LLM Agents via Memory or Knowledge Base Backdoor Poisoning"

☆203

Alternatives and similar repositories for AgentPoison

Users that are interested in AgentPoison are comparing it to the libraries listed below

Sorting:

AI-secure / RedCode
View on GitHub
[NeurIPS'24] RedCode: Risky Code Execution and Generation Benchmark for Code Agents
☆67Nov 14, 2025Updated 4 months ago
sleeepeer / PoisonedRAG
View on GitHub
[USENIX Security 2025] PoisonedRAG: Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models
☆244Jan 27, 2026Updated last month
lancopku / agent-backdoor-attacks
View on GitHub
Code&Data for the paper "Watch Out for Your Agents! Investigating Backdoor Threats to LLM-Based Agents" [NeurIPS 2024]
☆111Sep 27, 2024Updated last year
agiresearch / ASB
View on GitHub
Agent Security Bench (ASB)
☆201Oct 27, 2025Updated 4 months ago
shuaizhao95 / ICLAttack
View on GitHub
ICL backdoor attack
☆17Nov 4, 2024Updated last year
liu00222 / Open-Prompt-Injection
View on GitHub
This repository provides a benchmark for prompt injection attacks and defenses in LLMs
☆409Oct 29, 2025Updated 4 months ago
AAAAAAsuka / llm_defends
View on GitHub
code of paper "Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM"
☆14Nov 17, 2023Updated 2 years ago
guardagent / code
View on GitHub
☆41Dec 9, 2025Updated 3 months ago
pasquini-dario / LLM_NeuralExec
View on GitHub
Code to generate NeuralExecs (prompt injection for LLMs)
☆27Oct 5, 2025Updated 5 months ago
ethz-spylab / agentdojo
View on GitHub
A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents.
☆488Mar 12, 2026Updated last week
OSU-NLP-Group / EIA_against_webagent
View on GitHub
☆37Oct 2, 2024Updated last year
sail-sg / Agent-Smith
View on GitHub
[ICML 2024] Agent Smith: A Single Image Can Jailbreak One Million Multimodal LLM Agents Exponentially Fast
☆118Mar 26, 2024Updated last year
chanchimin / AgentMonitor
View on GitHub
Codes for our paper "AgentMonitor: A Plug-and-Play Framework for Predictive and Secure Multi-Agent Systems"
☆13Dec 13, 2024Updated last year
MJ-Bench / MJ-Bench
View on GitHub
(NeurIPS 2025) Official implementation for "MJ-Bench: Is Your Multimodal Reward Model Really a Good Judge for Text-to-Image Generation?"
☆47Jun 3, 2025Updated 9 months ago
Django-Jiang / BadChain
View on GitHub
[ICLR24] Official Repo of BadChain: Backdoor Chain-of-Thought Prompting for Large Language Models
☆50Jul 24, 2024Updated last year
bboylyg / BackdoorLLM
View on GitHub
[NeurIPS 2025] BackdoorLLM: A Comprehensive Benchmark for Backdoor Attacks and Defenses on Large Language Models
☆281Mar 13, 2026Updated last week
AI-secure / MMDT
View on GitHub
Comprehensive Assessment of Trustworthiness in Multimodal Foundation Models
☆27Mar 15, 2025Updated last year
PanasonicConnect / rap
View on GitHub
RAP: Retrieval-Augmented Planning with Contextual Memory for Multimodal LLM Agents
☆24Aug 23, 2024Updated last year
aisa-group / skill-inject
View on GitHub
Skill-Inject: Measuring Agent Vulnerability to Skill File Attacks
☆34Feb 24, 2026Updated 3 weeks ago
CTZhou-byte / TrojanRAG
View on GitHub
☆20Jan 6, 2025Updated last year
OSU-NLP-Group / AmpleGCG
View on GitHub
AmpleGCG: Learning a Universal and Transferable Generator of Adversarial Attacks on Both Open and Closed LLM
☆85Nov 3, 2024Updated last year
AI-secure / PolyGuard
View on GitHub
☆18Jun 18, 2025Updated 9 months ago
DPamK / BadAgent
View on GitHub
☆29Feb 27, 2025Updated last year
xunguangwang / SoK4JailbreakGuardrails
View on GitHub
[S&P 2026] SoK: Evaluating Jailbreak Guardrails for Large Language Models
☆35Dec 17, 2025Updated 3 months ago
TangciuYueng / AMemGuard
View on GitHub
☆40Oct 12, 2025Updated 5 months ago
OSU-NLP-Group / AgentSafety
View on GitHub
☆181Oct 31, 2025Updated 4 months ago
OSU-NLP-Group / AgentAttack
View on GitHub
☆23Oct 25, 2024Updated last year
CryptoAILab / Awesome-LM-SSP
View on GitHub
A reading list for large models safety, security, and privacy (including Awesome LLM Security, Safety, etc.).
☆1,899Updated this week
collinzrj / adversarial_decoding
View on GitHub
☆26Oct 27, 2025Updated 4 months ago
AI4Good24 / PsySafe
View on GitHub
☆52Feb 8, 2025Updated last year
SolidShen / BAIT
View on GitHub
🔥🔥🔥 Detecting hidden backdoors in Large Language Models with only black-box access
☆53Jun 2, 2025Updated 9 months ago
umd-huang-lab / VLM-Poisoning
View on GitHub
Code for Neurips 2024 paper "Shadowcast: Stealthy Data Poisoning Attacks Against Vision-Language Models"
☆60Jan 15, 2025Updated last year
SheltonLiu-N / AutoDAN
View on GitHub
[ICLR 2024] The official implementation of our ICLR2024 paper "AutoDAN: Generating Stealthy Jailbreak Prompts on Aligned Large Language M…
☆434Jan 22, 2025Updated last year
fzwark / Secure_LLM_System
View on GitHub
☆14Mar 9, 2025Updated last year
yunqing-me / AttackVLM
View on GitHub
[NeurIPS-2023] Annual Conference on Neural Information Processing Systems
☆228Dec 22, 2024Updated last year
wshi83 / EhrAgent
View on GitHub
[EMNLP'24] EHRAgent: Code Empowers Large Language Models for Complex Tabular Reasoning on Electronic Health Records
☆127Dec 26, 2024Updated last year
PurduePAML / K-ARM_Backdoor_Optimization
View on GitHub
☆18Jun 15, 2021Updated 4 years ago
facebookresearch / rl-injector
View on GitHub
Official release of code for the paper RL is a hammer and LLMs are nails A simple RL approach to stronger prompt injection attacks
☆42Feb 11, 2026Updated last month
datasec-lab / CodeBreaker
View on GitHub
[USENIX Security '24] An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities agai…
☆57Mar 22, 2025Updated last year